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(54) Abstract Title 

Mobile internet access 

(57) A method of authorising a mobile Internet Protocol (IP) enabled terminal 1 to access the Internet 2 via an 
access network 3 which may be a wireless LAN comprises initially sending an IP access request from the 
mobile terminal 1 to an IP router 5 within the access network 3. In response to receipt of said access request at 
the IP router 5, an IP address routing prefix is sent from the IP router 5 to the mobile terminal 1. Electronic cash 
is then forwarded from the mobile terminal 1 to a control point 6 within the access network 3. The control point 
6 confirms the authenticity and/or sufficiency of the electronic cash and, providing that confirmation is made 
sends an authorisation message to the IP router 5. The IP router 5 blocks the transmission of IP packets 
between the mobile terminal 1 and the Internet 2 prior to receipt of the authorisation message and permits the 
passage of IP packets only after an authorisation message has been received. 
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MOBILE INTERNET ACCESS 

Field of the Invention 

The present invention relates to mobile Internet access and in particular, though not 
necessarily, to mobile Internet access with a mobile wireless terminal. 

Background to the Invention 

With the increasing use of the Internet, interest has grown in the possibility of accessing 
the Internet using mobile terminals which are able to roam between access networks. 
These access networks may be networks to which the mobile terminals are connected 
via fixed lines or may be wireless networks to which the mobile terminals are connected 
using a radio interface. Examples of fixed line networks are Ethernet networks whilst 
examples of wireless networks are mobile telephone networks as well as wireless Local 
Area Networks (LAN s) . 

A difficulty which must be overcome in order to fully implement mobile Internet access 
with roaming, is the need to authenticate and/or authorise a roaming terminal (or rather 
the subscriber using the mobile terminal) which uses a foreign network as its access 
network. It is generally envisaged that such a roaming terminal should belong to a 
subscriber of some other network, i.e. the subscriber's 'home' network, and that the 
foreign access network must contact this home network in order to authorise the 
roaming terminal. 

One disadvantage of this proposal is that it does not enable a mobile terminal to access 
the Internet anonymously. That is to say that in order to access the Internet a roaming 
terminal must disclose its identity either to the access network or to some other home 
network. 



Summary of the Invention 



According to a first aspect of the invention there is provided a method of authorising a 
mobile Internet Protocol (IP) enabled terminal to access the Internet via an access 
network, the method comprising: 

sending an IP access request from the mobile terminal to an IP node within the 

access network; 

in response to receipt of said access request at the IP node, sending from the IP 
node to the mobile terminal an IP address or part thereof; 

sending electronic cash or other authentication message from the mob.le 
terminal to a control point within the access network; and 

confirming at the control point the authenticity of said electronic cash or 
authentication message and, providing that confirmation is made, sending an 
authorisation message from the control point to the IP node, 

wherein the IP node blocks the transmission of IP packets between the mobile 
terminal and the Internet prior to receipt of said authorisation message and permits the 
passage of IP packets only after an authorisation message has been received. 

Anonymous access is possible where a mobile terminal has access to electronic cash 
which can be transferred from the mobile terminal to the access network. Providing that 
sufficient electronic cash is transferred to the access network, the access network may 
authorise the mobile terminal to access the Internet without the need to refer to some 
other home network of the mobile terminal. 

Preferably, upon receipt of the electronic cash at the control point, the control point 
contacts a bank, or other electronic cash provider, in order to authenticate and ensure the 
sufficiency of the received electronic cash. Providing that the bank or cash provider 
returns a confirmation or authentication message to the control point, the control point 
is able to send the authorisation message to the IP node in order to allow the passage of 
IP data packets between the mobile terminal and the Internet. 

As an alternative to the use of electronic cash, the mobile terminal may transmit a 
password or certificate to the control point. The authenticity of the password or 
certificate may then be checked with a foreign network operator or the like. 
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Preferably, said IP node provides routing functionality for IP data packets. This node 
may also provide for protocol conversion between the carrier protocol used by the 
access network, and that used by the Internet. However, where the carrier protocol of 
the access network is compatible with that of the Internet, no such conversion may be 
required. 

In certain embodiments of the present invention, upon receipt of the access request at 
the IP node, the IP node returns to the mobile terminal an IP address prefix. The 
remainder of the IP address may be provided or generated by the mobile terminal itself. 
This remaining part of the IP address may be an International Mobile Subscriber 
Identity (IMSI) code in the case where the access network is a mobile telephone 
network and the mobile terminal is a mobile telephone terminal or the like. Where the 
access network is a fixed line access network, the remaining part of the IP address may 
be the address of the mobile terminal within that network, e.g. an Ethernet address in 
the case of an Ethernet network. 

The access network may be a wireless Local Area Network (LAN) or Wide Area 
Network (WAN). In this case, where the IP node returns a part of an IP address, the 
remainder of the address may correspond to the address of the terminal in the access 
network, e.g. an Ethernet address. 

According to a second aspect of the present invention there is provided apparatus for 
use in enabling a mobile IP terminal to access the Internet, the apparatus comprising: 

an IP node for receiving an IP request sent from a mobile terminal, and for 
responding to receipt of the request by returning to the mobile terminal a mobile address 
or part thereof; and 

a control point within the access network for receiving electronic cash or other 
authentication message sent from the mobile terminal and for confirming the 
authenticity of the sent electronic cash or authentication message and, providing that 
confirmation is made, for sending an authorisation message to the IP node, 



the IP node being arranged in use to block the transfer of messages between the 
mobile terminal and the Internet prior to receipt of an authorisation message from the 
control point and being arranged to allow the transfer upon receipt of the authorisation 
message. 

Brief Description of the Drawings 

Figure 1 illustrates schematically a communication system for enabling a mobile IP 
terminal to access the Internet; and 

Figure 2 is a flow diagram illustrating arf access method used in the system of Figure 1 . 
Detailed Description of Certain Embodiments 

There is illustrated in Figure 1 a telecommunications system in which a mobile terminal 
1 is able to communicate with the Internet 2 by making use of an access network 3. In 
the example to be described here, the access network 3 is a wireless Local Area 
Network (LAN) whilst the mobile terminal 1 is a mobile wireless terminal. More 
particularly, the wireless LAN 3 is an Ethernet network, with the mobile terminal 1 
comprising an Ethernet "card" which is programmed with an Ethernet address. 
Typically this address is worldwide unique and is allocated by card manufacturer. In 
the example given here, the LAN 3 uses the TCP/IP protocol over the Ethernet 
connection. 

The wireless LAN 3 is coupled to the Internet 2 via an IP gateway node 4. This 
gateway node 4 is in turn connected to a number of "primary" IP routers 5 (only one of 
which is shown in the Figure) within the wireless LAN 3. Each of the primary IP 
routers 5 provide a gateway between the Ethernet LAN and the IP "world". This 
function involves protocol conversions. In addition, the primary routers 5 are involved 
in the allocation of IP addresses to the mobile terminals, which addresses are world- 
wide unique. 



For the purpose of this example, it is assumed that the mobile terminal 1 does not have a 
subscription with the operator of the wireless LAN 3 or with any other network (e.g. 
LAN, WAN, telephone network etc) with which the wireless LAN 3 has a billing 
relationship. That is to say that the mobile terminal 3 does not have a "home" network. 
When the mobile terminal 1 is within the radio coverage area of the wireless LAN 3 and 
is switched on, the mobile terminal 1 attempts to make a normal attachment to the 
wireless LAN 3. It does this via radio transceiver stations which are not illustrated in 
Figure 1 . The mobile terminal 1 initiates a negotiation with one of the primary routers 5 
(typically the router which is physically closest to the radio transceiver station which 
handles the terminal's access), requesting in message Ml an IP address routing prefix 
from the router. In the case of Internet Protocol version 6 (IPv6), this prefix contains 64 
bits and is returned by the router 5 as message M2 to the mobile terminal 1 over the 
radio interface. In order to generate a complete IPv6 address, the mobile terminal 1 
adds to the routing prefix an address part which is unique to the mobile terminal 1 . This 
part may be, for example, the Ethernet card address of the mobile terminal 1. 

Following the return of the IPv6 address prefix from the router 5, the router 5 does not 
immediately start coupling IP data packets between the mobile terminal 1 and the 
Internet 2. Rather, the router 5 awaits authorisation of the access request from a control 
point 6 to which the router 5 is connected. 

The authorisation process at the control point 6 is conducted as follows. Firstly, upon 
receipt of the EP routing prefix from the router 5, the mobile terminal 1 transmits an 
amount of electronic cash M3 to the control point 6 via the radio transceiver station. 
The electronic cash is accompanied by the IP address now allocated to the mobile 
terminal 1 . In order to verify the amount and authenticity of the electronic cash, the 
control point 6 contacts a bank or other electronic cash provider 7 which is responsible 
for the transmitted electronic cash. This may involve sending a certificate M4, which 
accompanies the electronic cash, to the bank or electronic cash provider 7 using TCP/IP. 
In the event that the amount of electronic cash is insufficient, or the bank or electronic 
cash provider 7 returns a message M5 indicating that the electronic cash is not 
authentic, the control point 6 will return a fail message M6 to the mobile terminal 1 
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indicating that the access request is denied. The control point 6 will then notify the 
responsible router 5 of this situation. 

Assuming on the other hand that the amount of electronic cash sent to the control point 
6 is sufficient, and that the bank or electronic cash provider 7 returns in message M5 
confirmation that the electronic cash is authentic, the control point 6 will transmit an 
authorisation message in message M6 to the responsible router 5. Upon receipt of the 
authorisation message, the router will start to relay IP packets between the mobile 
terminal 1 and the Internet 2. The mobile terminal 1 is then able to exchange IP data 
packets with a correspondent host 8, via fhe Internet 

Figure 2 is a flow diagram illustrating further the authorisation process described above. 

It will be appreciated by a person of skill in the art that various modifications may be 
made to the above described embodiments without departing from the scope of the 
present invention. 



Claims 



1. A method of authorising a mobile Internet Protocol (IP) enabled terminal to 
access the Internet via an access network, the method comprising: 

sending an IP access request from the mobile terminal to an IP node within the 
access network; 

in response to receipt of said access request at the IP node, sending from the IP 
node to the mobile terminal an IP address or part thereof; 

sending electronic cash or other authentication message from the mobile 
terminal to a control point within the access network; and 

confirming at the control point the authenticity of said electronic cash or 
authentication message and, providing that confirmation is made, sending an 
authorisation message from the control point to the IP node, 

wherein the IP node blocks the transmission of IP packets between the mobile 
terminal and the Internet prior to receipt of said authorisation message and permits the 
passage of IP packets only after an authorisation message has been received. 

2. A method according to claim 1 and comprising routing IP data packets at said IP 
node. 

3. A method according to claim 1 and comprising carrying out a protocol 
conversion at the IP node between the carrier protocol used by the access network, and 
that used by the Internet. 

4. A method according to any one of the preceding claims and comprising, upon 
receipt of the access request at the IP node, returning from the IP node to the mobile 
terminal an IP address prefix. 

5. A method according to any one of the preceding claims, wherein the access 
network is a wireless Local Area Network (LAN) or Wide Area Network (WAN). 



6. A method according to any one of the preceding, claims, wherein, upon receipt 
of electronic cash at the control point, the control point contacts a bank, or other 
electronic cash provider, to authenticate and ensure the sufficiency of the received 
electronic cash and, providing that the bank or cash provider returns i confirmation or 
authentication message to the control point, the control point sends the authorisation 
message to the TP node in order to allow the passage of IP data packets between the 
mobile terminal and the Internet. 

7. Apparatus for use in enabling a mobile IP terminal to access the Internet, the 

apparatus comprising: 

an IP node for receiving an IP request sent from a mobile terminal, and for 
responding to receipt of the request by returning to the mobile terminal a mobile address 
or part thereof; and 

a control point within the access network for receiving electronic cash or other 
authentication message sent from the mobile terminal and for confirming the 
authenticity of the sent electronic cash or authentication message and, providing that 
confirmation is made, for sending an authorisation message to the IP node, 

the IP node being arranged in use to block the transfer of messages between the 
mobile terminal and the Internet prior to receipt of an authorisation message from the 
control point and being arranged to allow the transfer upon receipt of the authorisation 
message. 
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